From 4975571a5dee8957f43aff70272dd9ab89f582cf Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Thu, 5 Dec 2019 01:20:14 +0100 Subject: [PATCH] Add a CHANGES entry for CVE-2019-1551 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/10576) --- CHANGES | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index df613740a9..f28ff6eab6 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,17 @@ Changes between 1.0.2t and 1.0.2u [xx XXX xxxx] - *) + *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure + used in exponentiation with 512-bit moduli. No EC algorithms are + affected. Analysis suggests that attacks against 2-prime RSA1024, + 3-prime RSA1536, and DSA1024 as a result of this defect would be very + difficult to perform and are not believed likely. Attacks against DH512 + are considered just feasible. However, for an attack the target would + have to re-use the DH512 private key, which is not recommended anyway. + Also applications directly using the low level API BN_mod_exp may be + affected if they use BN_FLG_CONSTTIME. + (CVE-2019-1551) + [Andy Polyakov] Changes between 1.0.2s and 1.0.2t [10 Sep 2019] -- 2.25.1